LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Computer infection
From:	John Sproule <[log in to unmask]>
Reply To:	Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Wed, 4 Aug 2010 11:35:04 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (53 lines)

As has been suggested a reformat of the drive may be sufficient to overwrite 
the virus, I don't know; however, I would feel confident that using a 
utility to write zeroes to the drive will give you a clean slate to work 
with.  My first choice would be to see if the manufacturer of your drive has 
a diagnostic disk available that includes this capacity to zero out the 
drive.  If by chance they don't, my second choice would be a program for 
erasing hard drives more generally, such as Derek's Boot and Nuke.  While 
this program includes some rather sophisticated routines for making multiple 
passes of writing random data to your drive, all you need is a single pass 
of some simple routine (such as writing zero to every sector).  A word of 
caution, if you have more than one drive installed and you don't want to 
lose data on one of these drives, disconnect the one that you are not going 
to erase.  This way you don't need to worry about erasing the wrong the 
drive.

With regard to your question about whether your secondary drive might also 
be infected, I would think that the same programs that successfully detected 
the infection on your main drive would also be capable of finding a similar 
infection on your secondary drive.

I assume that this second drive is not a bootable drive; so, I would think 
it unlikely that it also has a boot sector virus.

For what it may be worth (since people have already mentioned many different 
antivirus scanners to use) I'll add one more antivirus scanner, Hitman Pro 
3.5.  This is an online scanner that bills itself as a second opinion 
scanner.  It doesn't do a complete scan of your data, but it selectively 
submits what it thinks might be likely candidates to multiple virus 
scanners.  It impressed me, when it picked up on a root kit that was 
repeatedly re-installing malware that other scanners had attempted to 
remove.  I don't think that I used Hitman Pro to remove the rootkit.  I 
think I just used it to identify the culprit and did somesort of manual 
removal of it.  Sorry, it's been long enough ago that I don't recall those 
details.

John Sproule

-------- Synopsis of the Original Message Below ---------

Date:    Tue, 3 Aug 2010 15:02:07 -0400
From:    Donald DeWitt <[log in to unmask]>
Subject: Re: Computer infection

You discovered that your hard drive was infected with the Whistler Bootkit, 
but were unsuccessful removing it using MBRCheck.exe.  You asked if it was 
possible to remove this virus from the hard drive, short of tossing it and 
replacing it with a new hard drive.  You wondered whether your secondary 
drive might be infected, as well.

                  Visit our website regularly for FAQs,
               articles, how-to's, tech tips and much more
                          http://freepctech.com

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG